[Freeipa-users] disable user account in batch mode in IPA
Simo Sorce
simo at redhat.com
Fri Dec 21 19:43:20 UTC 2012
On Fri, 2012-12-21 at 11:33 -0500, Qing Chang wrote:
> I hope google did not skip me when searching for an answer.
>
> I'd like to disable inactive accounts migrated from OpneLDAP, so far
> I can only do it per web UI. Because I have hundreds of accounts to
> disable, I really appreciate if someone can provide a command line
> for me.
ipa user-disable shassan
> I actually tried to figure out what attribute corresponds to "disabled"
> but could not see it in ldapsearch output, for example:
>
> ldapsearch -LL -x -D 'cn=Directory Manager' -W -b 'dc=sri,dc=utoronto,dc=ca' '(uid=shassan)'
You have to explicitly request the 'nsAccountLock' attribute.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list